{"id":"https://openalex.org/W2322038197","doi":"https://doi.org/10.1145/2905760.2905761","title":"TOFU for OpenPGP","display_name":"TOFU for OpenPGP","publication_year":2016,"publication_date":"2016-04-07","ids":{"openalex":"https://openalex.org/W2322038197","doi":"https://doi.org/10.1145/2905760.2905761","mag":"2322038197"},"language":"en","primary_location":{"id":"doi:10.1145/2905760.2905761","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2905760.2905761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th European Workshop on System Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088404079","display_name":"Neal H. Walfield","orcid":null},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Neal H. Walfield","raw_affiliation_strings":["Johns Hopkins and GnuPG"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins and GnuPG","institution_ids":["https://openalex.org/I145311948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033545875","display_name":"Werner Koch","orcid":"https://orcid.org/0000-0001-7246-0434"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Werner Koch","raw_affiliation_strings":["GnuPG"],"affiliations":[{"raw_affiliation_string":"GnuPG","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5088404079"],"corresponding_institution_ids":["https://openalex.org/I145311948"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.0119836,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7351762652397156},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.7283644676208496},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7074076533317566},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5831224322319031},{"id":"https://openalex.org/keywords/public-key-infrastructure","display_name":"Public key infrastructure","score":0.5080456733703613},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.4643538296222687},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4444206655025482},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4407816529273987},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.4321020245552063},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3226189613342285},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.073571115732193}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7351762652397156},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.7283644676208496},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7074076533317566},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5831224322319031},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.5080456733703613},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.4643538296222687},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4444206655025482},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4407816529273987},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.4321020245552063},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3226189613342285},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.073571115732193},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2905760.2905761","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2905760.2905761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 9th European Workshop on System Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6100000143051147}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W204204333","https://openalex.org/W1550000763","https://openalex.org/W1909457994","https://openalex.org/W1953683851","https://openalex.org/W1978162256","https://openalex.org/W2083055907","https://openalex.org/W2129012113","https://openalex.org/W2129830111","https://openalex.org/W2131906261","https://openalex.org/W2161954933","https://openalex.org/W4210467114"],"related_works":["https://openalex.org/W2763050151","https://openalex.org/W2001371286","https://openalex.org/W1915479549","https://openalex.org/W1606380665","https://openalex.org/W2994213367","https://openalex.org/W1955053247","https://openalex.org/W2036546368","https://openalex.org/W2047347125","https://openalex.org/W1484754451","https://openalex.org/W2104283649"],"abstract_inverted_index":{"We":[0],"present":[1],"the":[2,23,26,31,48,73,81,91,114,129,144,191,196,199],"design":[3],"and":[4,46],"implementation":[5,194],"of":[6,116,178,198],"a":[7,18,37,41,44,52,78,94,176],"trust-on-first-use":[8],"(TOFU)":[9],"policy":[10],"for":[11,123],"OpenPGP.":[12],"When":[13],"an":[14,55,88,148],"OpenPGP":[15],"user":[16,74,137],"verifies":[17],"signature,":[19],"TOFU":[20,66,97,139,168,187],"checks":[21],"that":[22,40,132],"signer":[24,92],"used":[25],"same":[27],"key":[28,42],"as":[29],"in":[30],"past.":[32],"If":[33],"not,":[34],"this":[35,106,163],"is":[36,43,50,60,111,131,140],"strong":[38],"indicator":[39],"forgery":[45,53],"either":[47],"message":[49,79,95],"also":[51,141],"or":[54,61],"active":[56],"man-in-the-middle":[57],"attack":[58,89],"(MitM)":[59],"was":[62],"underway.":[63],"That":[64],"is,":[65],"can":[67,85,169,188],"proactively":[68],"detect":[69,87],"new":[70],"attacks":[71,180],"if":[72,90],"had":[75],"previously":[76],"verified":[77],"from":[80],"signer.":[82],"And,":[83],"it":[84,133],"reactively":[86],"gets":[93],"through.":[96],"cannot,":[98],"however,":[99],"protect":[100],"against":[101,181],"sustained":[102],"MitM":[103],"attacks.":[104],"Despite":[105],"weakness,":[107],"TOFU's":[108],"practical":[109],"security":[110],"stronger":[112],"than":[113,143],"Web":[115],"Trust":[117],"(WoT),":[118],"OpenPGP's":[119],"current":[120],"trust":[121],"policy,":[122],"most":[124,145],"users.":[125],"The":[126],"problem":[127],"with":[128],"WoT":[130],"requires":[134],"too":[135],"much":[136],"support.":[138],"better":[142],"popular":[146],"alternative,":[147],"X.509-based":[149],"PKI,":[150],"which":[151],"relies":[152],"on":[153],"central":[154],"servers":[155],"whose":[156],"certification":[157],"processes":[158],"are":[159],"often":[160],"sloppy.":[161],"In":[162],"paper,":[164],"we":[165,174,184],"outline":[166],"how":[167,186],"be":[170],"integrated":[171],"into":[172],"OpenPGP;":[173],"address":[175],"number":[177],"potential":[179],"TOFU;":[182],"and,":[183],"show":[185],"work":[189],"alongside":[190],"WoT.":[192],"Our":[193],"demonstrates":[195],"practicality":[197],"approach.":[200]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2022,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}